Two methods of file encryption on Linux, explained in detail:
I. Encrypting files with GnuPG.
The GnuPG package (Gnu Privacy Guard); the package name is gpg.
gpg uses public/secret-key (public-key) cryptography to encrypt files.
1. The first step is to create a key pair that will later be used to send encrypted data and to decrypt received data. Running the gpg command once creates a .gnupg subdirectory under your home directory
(if it does not already exist; sometimes it is already there). Inside that subdirectory is a configuration file, gpg.conf, which holds the various configuration options of the gpg tool and their default values.
Next, the first task: generating the key pair:
[root@fxvsystem root]# gpg --gen-key >>this command generates the key pair
gpg (GnuPG) 1.2.4; Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Please select what kind of key you want: >>choose the key type
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair. >>choose the key length
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 768
Requested keysize is 768 bits
Please specify how long the key should be valid. >>choose the key validity period; 0 means it never expires
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y >>final confirmation that everything is correct
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: test201 >>enter the basic details: real name
Email address: test201@test201.com >>enter the e-mail address
Comment: this is 201 key >>any other related comment
You selected this USER-ID:
"test201 (this is 201 key) <test201@test201.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O >>confirm with OK
You need a Passphrase to protect your secret key.
Enter passphrase: >>enter the passphrase for the key
Repeat passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++.+++++++++++++++++++++++++++++++++++++++++++++.+++++..+++++++++++++++++++++++++++++++++++++++++++++.+++++..++++++++++.+++++++++++++++>.++++++++++...........................................................+++++
>>During key generation a continuous run of these symbols appears.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 215 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy. >>This message asks us to create some random activity on the system; if there is not enough activity, gpg pauses and prompts us to keep doing so (checking CPU usage or typing randomly on the keyboard is enough, for example).
++++++++++.+++++++++++++++.++++++++++++++++++++.++++++++++.+++++++++++++++++++++++++.+++++.+++++.+++++++++++++++.+++++.++++++++++++++++++++....>+++++..+++++^^^^^
gpg: /root/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.
pub 1024D/BA56DDDA 2007-01-16 test201 (this is 201 key) <test201@test201.com> >>BA56DDDA on this line is the ID of the generated public key; we will need it later, so note it down.
Key fingerprint = 98E8 0A56 9E16 F61B 379D 2F53 D5DF 4117 BA56 DDDA
sub 768g/8F754496 2007-01-16
>>Success
[root@fxvsystem root]#
We have now generated a key pair. Let us look at the .gnupg directory:
[root@fxvsystem root]# cd .gnupg/
[root@fxvsystem .gnupg]# ll
total 24
-rw------- 1 root root 8075 Jan 16 11:10 gpg.conf
-rw------- 1 root root 856 Jan 16 11:30 pubring.gpg >>the "keyring" file that stores other people's public keys.
-rw------- 1 root root 0 Jan 16 11:10 pubring.gpg~
-rw------- 1 root root 600 Jan 16 11:30 random_seed
-rw------- 1 root root 991 Jan 16 11:30 secring.gpg
-rw------- 1 root root 1240 Jan 16 11:30 trustdb.gpg
[root@fxvsystem .gnupg]#
Several new related files have been created.
2. To send the public key we just generated to the other party, we first have to extract it with a command:
[root@fxvsystem gpg]# gpg --armor --export BA56DDDA > 201.key >>extracts the public key into the file 201.key.
Where:
--armor makes gpg produce ASCII-armored output, which is suitable for sending by e-mail. If a tool that supports binary file transfer, such as ssh, is available, this option can be omitted.
--export needs no further explanation: it exports the key.
3. After receiving someone else's public key, it has to be placed into the "keyring" file:
For example, on another machine we receive the 201.key public key just created, and then run:
[root@localhost gpg]# gpg --import 201.key
gpg: key BA56DDDA: public key "test201 (this is 201 key) <test201@test201.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
With this command, the public key generated earlier on machine 201 is imported into the "keyring" file (~/.gnupg/pubring.gpg) on machine 161.
The gpg -kv command shows how many other people's public keys are currently stored on machine 161:
[root@localhost gpg]# gpg -kv
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/1C05EC6B 2007-01-15
uid Paolo (this test destination 213) <wangqi@livedoor.cn>
sub 1024g/A16A8685 2007-01-15
pub 1024D/BC3AA97D 2007-01-15
uid Wangqi (test to 161) <wangqi@livedoor.cn>
sub 1024g/33A9764D 2007-01-15
pub 1024D/BA56DDDA 2007-01-16
uid test201 (this is 201 key) <test201@test201.com>
sub 768g/8F754496 2007-01-16
[root@localhost gpg]#
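As an added example (not from the original article), the following bash script replays the generate/export/import procedure above non-interactively, using two scratch GNUPGHOME directories as stand-ins for the "201" and "161" machines and checking that the key fingerprint survives the trip. It assumes GnuPG 2.1 or later (for %no-protection) and uses RSA 3072 rather than the article's 1024-bit DSA / 768-bit ElGamal; the identity is the constructed one from the article.

```bash
#!/bin/bash
# Added example (not from the original article): run the article's workflow
# non-interactively between two scratch GNUPGHOME directories standing in for
# the "201" and "161" machines, then confirm the imported key's fingerprint.
# Requires GnuPG 2.1+ (for %no-protection); identities are constructed.
set -eu

gpg_roundtrip() {
    local work sender receiver fpr_sender fpr_receiver
    work=$(mktemp -d)
    sender="$work/home201"; receiver="$work/home161"
    mkdir -m 700 "$sender" "$receiver"
    # A batch parameter file replaces the interactive --gen-key dialogue.
    # RSA 3072 is used instead of the article's 1024-bit DSA / 768-bit ElGamal.
    cat > "$work/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Real: test201
Name-Comment: this is 201 key
Name-Email: test201@test201.com
Expire-Date: 0
%commit
EOF
    GNUPGHOME="$sender" gpg --batch --quiet --gen-key "$work/params"

    # Field 10 of the first "fpr" record is the primary key's fingerprint.
    fpr_sender=$(GNUPGHOME="$sender" gpg --batch --with-colons --fingerprint |
        awk -F: '$1 == "fpr" { print $10; exit }')

    # Same --armor --export / --import as the article, but across two homes.
    GNUPGHOME="$sender" gpg --batch --armor --export "$fpr_sender" > "$work/201.key"
    head -n 1 "$work/201.key" | grep -q 'BEGIN PGP PUBLIC KEY BLOCK'
    GNUPGHOME="$receiver" gpg --batch --quiet --import "$work/201.key"

    fpr_receiver=$(GNUPGHOME="$receiver" gpg --batch --with-colons --fingerprint |
        awk -F: '$1 == "fpr" { print $10; exit }')
    # Stop the per-home agents before removing their sockets.
    GNUPGHOME="$sender" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$receiver" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    # The receiver must compare this fingerprint out of band before trusting the key.
    if [ "$fpr_sender" = "$fpr_receiver" ]; then echo "ok $fpr_sender"; else echo "MISMATCH"; fi
}
```

Running gpg_roundtrip prints "ok" followed by the 40-hex-digit fingerprint, which is the value the article's "Key fingerprint =" line shows and that the recipient should verify over a separate channel.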